Lexmark X651de PJL message script insertion Vulnerability
Release date:
Updated on:
Affected Systems:
Lexmark Laser Printer X651de
Description:
--------------------------------------------------------------------------------
Lexmark printer is a very popular printer device on the market.
Lexmark X651de has the input verification vulnerability when processing user input. Remote attackers can exploit this vulnerability to execute script insertion attacks.
The input transmitted through pjl rdymsg, OPMSG, and STMSG is incorrectly filtered before use, leading to arbitrary HTML and script code insertion. When users view malicious data, malicious code is executed in browser sessions.
<* Source: dave B
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Lexmark
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.lexmark.com/